Security Advisory

CVE-2019-12250

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-05-21 15:22:43

Last updated 2024-08-04 23:17:39

Assigner mitre

State PUBLISHED

Description

IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not part of IdentityServer but only our development test host

← Browse all CVEs View on cve.org ↗